internal/lume: don't capture metrics for paths that don't open

This fixes an issue where an attacker could create infinite cardinality in my prometheus server by sending a bunch of bogus GET requests. Metrics are only tracked for paths that make sense. Signed-off-by: Xe Iaso <me@xeiaso.net>
author: Xe Iaso <me@xeiaso.net> 2024-01-28 13:06:47 -0500
committer: Xe Iaso <me@xeiaso.net> 2024-01-28 13:24:36 -0500
commit: 57bd9082dd4f01fab353db4485819a2f87416245 (patch)
tree: 325d711b53edb22e285162f1a7560182b0f3e26a
parent: a16146721f79e3ae30f59ed6515bbbf3ccb8dbcf (diff)
download: xesite-57bd9082dd4f01fab353db4485819a2f87416245.tar.xz
xesite-57bd9082dd4f01fab353db4485819a2f87416245.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/internal/lume/lume.go b/internal/lume/lume.go
index 7a966c0..47fd497 100644
--- a/internal/lume/lume.go
+++ b/internal/lume/lume.go
@@ -87,9 +87,14 @@ func (f *FS) Close() error {
 }
 
 func (f *FS) Open(name string) (fs.File, error) {
+	fin, err := f.fs.Open(name)
+	if err != nil {
+		return nil, err
+	}
+
 	opens.Add(name, 1)
 
-	return f.fs.Open(name)
+	return fin, nil
 }
 
 type Options struct {
author	Xe Iaso <me@xeiaso.net>	2024-01-28 13:06:47 -0500
committer	Xe Iaso <me@xeiaso.net>	2024-01-28 13:24:36 -0500
commit	57bd9082dd4f01fab353db4485819a2f87416245 (patch)
tree	325d711b53edb22e285162f1a7560182b0f3e26a
parent	a16146721f79e3ae30f59ed6515bbbf3ccb8dbcf (diff)
download	xesite-57bd9082dd4f01fab353db4485819a2f87416245.tar.xz xesite-57bd9082dd4f01fab353db4485819a2f87416245.zip